Security
Cross site scripting in compose, draft & HTML mail viewing
- Date: 2006-12-02
- Description: Cross site scripting via malicious input to the mailto parameter of webmail.php and the session and delete_draft parameters of compose.php. This has been addressed in 1.4.9.
  Cross site scripting via a shortcoming in the magicHTML filter. This has been addressed in 1.4.9 and improved in 1.4.9a.
- Affected Versions: 1.4.0 - 1.4.9
- Register Globals: Register_globals does not have to be on for this issue.
- CVE ID(s): CVE-2006-6142
- Patch: view patch
- Credits: Thanks go to Martijn Brinkers for his continuous research that uncovered these problems.
- This page last updated: 2006-12-04 09:30:18
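
As an added example (not SquirrelMail's code and not part of the advisory), the script below scans web server access-log lines for the parameters named in the description and flags values that decode to HTML markup characters. The combined log format, the sample lines and the `/src/` path are constructed assumptions, and only query-string parameters are visible in such logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Script -> parameters named in the advisory description.
WATCHED = {
    "webmail.php": {"mailto"},
    "compose.php": {"session", "delete_draft"},
}
# Characters needed to break out of an HTML attribute or open a tag.
MARKUP = re.compile(r"[<>\"']")
# Request line of a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses, paths and values are illustrative only.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Dec/2006:10:00:00 +0000] "GET /src/webmail.php?mailto=user%40example.com HTTP/1.1" 200 512',
    '192.0.2.11 - - [02/Dec/2006:10:01:00 +0000] "GET /src/webmail.php?mailto=%22%3E%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 512',
    '192.0.2.12 - - [02/Dec/2006:10:02:00 +0000] "GET /src/compose.php?session=3&delete_draft=17 HTTP/1.1" 200 900',
    '192.0.2.13 - - [02/Dec/2006:10:03:00 +0000] "GET /src/compose.php?session=1%2522%253E%253Cb%253E HTTP/1.1" 200 900',
]

def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for watched parameters carrying markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    hits = []
    # parse_qsl percent-decodes each value once.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED.get(script, ()):
            # Decode a second time so double-encoded input is also caught.
            decoded = unquote_plus(value)
            if MARKUP.search(decoded):
                hits.append((script, name, decoded))
    return hits

def scan(lines):
    """Return [(line_number, hit)] over an iterable of log lines (1-based numbering)."""
    return [(i, hit) for i, line in enumerate(lines, 1) for hit in suspicious_params(line)]

if __name__ == "__main__":
    for lineno, (script, param, value) in scan(SAMPLE_LOG):
        print(f"line {lineno}: {script} {param}={value!r}")
```

Hits are leads for review rather than confirmation: a legitimate mailto value can contain quotes or angle brackets around an address.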